Details
Alert ID 10106
Alert Type Active
Status beta
Risk Medium
CWE 311
WASC 4
Technologies Targeted All
Tags CWE-311
OWASP_2017_A06
OWASP_2021_A05
POLICY_QA_FULL
WSTG-V42-CRYP-03
More Info Scan Rule Help

Summary

The site is only served under HTTP and not HTTPS.

Solution

Configure your web or application server to use SSL (https).

Other Info

There was no automatic redirection. ZAP attempted to connect via: https://example.com

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRule.java